Will Bitcoin 2.0 be Facebook?

Bitcoin’s wiki defines it as “an experimental, decentralized digital currency”. As with any experimental system, if it proves successful it is usually followed by a finalized product that builds on the parts that worked well in the experiment and removes the parts that proved to be irrelevant.

Some investors obviously consider the Bitcoin experiment to be successful, as they invest in it either directly, by buying Bitcoins, or indirectly, by investing in related technologies. Therefore we can assume Bitcoin will be followed by a Bitcoin 2.0 that will solve Bitcoin 1.0’s problems while maintaining the parts that were crucial to its success. But what exactly are these crucial elements?

One of the main challenges of any scientific experiment is to control all the relevant variables, so that the effect of changing just one variable can be correctly measured. The Bitcoin currency has many “variables”, as it consists of a combination of many elements. It is, or at least is commonly considered to be, a digital, anonymous, decentralized, cryptography-based currency. If we assume that the Bitcoin experiment is indeed a successful one, which of these elements was crucial to its success? Since the Bitcoin social experiment was not really conducted as a scientific experiment, this column can only suggest some educated guesses about the identity of the critical elements.

Anonymity is probably NOT the key factor

Since the different parties involved in a Bitcoin transaction are identified by arbitrary numbers (“Bitcoin addresses”), some popular publications consider Bitcoin transactions to be anonymous. However, since every transaction is publicly logged, anyone can track the flow of Bitcoins from address to address. If any of the addresses in a transaction's past or future can be tied to an actual identity, it might be possible to work from that point and figure out who owns all of the other addresses, as some researchers have already demonstrated. Bitcoin’s community acknowledges this and states that “the current implementation is usually not very anonymous”. Therefore, if we consider Bitcoin to be a success, it cannot be attributed to the anonymity it offers.

Decentralization is probably NOT the key factor

Bitcoin’s decentralization is often celebrated by libertarian thinkers as one of its most important contributions. As opposed to traditional currency, in the Bitcoin system there’s no central bank that can mint more coins or ban money transfers to some party. Coin generation is decentralized by the distributed “mining” process, so theoretically anyone can harness the power of her CPU to compute cryptographic hashes and generate new coins. The whole decentralization concept depends on the distribution of the hashrate across many different CPUs. Should some party gain control over the majority of the hashrate within the Bitcoin system, it would have the same power as a central bank.

Since Bitcoin mining nowadays requires very expensive dedicated hardware to be cost-effective, there are not a lot of players in that field. The graph below shows that it would only take a collusion of two parties to control most of the Bitcoin network hashrate.

Figure 1 - Hashrate Distribution

This effect was demonstrated last March, when a Bitcoin code version upgrade created a problem within the network and the network decided to revert to the old version, thus “changing the rules of the game” (for a positive cause). Bitcoin Magazine pointed that out:

“The reason why the controlled switch to the 0.7 fork was even possible was that over 70% of the Bitcoin network’s hash power was controlled by a small number of mining pools and ASIC miners, and so the miners could all be individually contacted and convinced to immediately downgrade.”

In that specific case the intervention was for a good cause, but it illustrates that the rules of the Bitcoin game can be easily changed with the current hashrate distribution. Therefore, if we consider Bitcoin to be a success, it cannot be attributed to its decentralized design.

The need for digital cash is probably the key factor!

In my humble opinion, the Bitcoin experiment really shows that there’s a real need for the digital equivalent of cash, and that people are willing to put their trust in this model and exchange fiat currency for digital cash. We like using digital cash for the same reasons that we like using real cash: it gives us a simple way to transfer relatively small amounts of money from one person to another. As with regular cash, we are willing to expose ourselves to a greater level of risk in order to enjoy the advantages of cash. Cash transactions, real world or digital, are irreversible, wallets can be stolen, and bills may get ruined (by a digital delete or by a physical washing machine).

This result is far from trivial. Prior to the Bitcoin experiment, I don’t think many of us thought that people would be willing to give their hard-earned money in exchange for some digital data that is worthless on its own. What does it mean for Bitcoin 2.0? If my hypothesis is correct and the Bitcoin experiment was successful mainly due to its similarity to real world cash, and not because of its other properties such as anonymity, decentralized design or sophisticated use of cryptography, it means that Bitcoin 2.0 should focus on that cash user experience motif.

Moving anonymity and decentralization out of the digital cash equation makes room for new players. Facebook, Google, or some other social networking website are natural candidates to be such a player. Being social networking sites, they already have vast experience with creating all kinds of person-to-person data exchanges and can expand their business by enabling person-to-person digital cash exchanges. Since people seem to already trust Facebook and Google with some highly valuable secrets, it seems only logical that they would trust them with small amounts of money.

It seems that Facebook thinks so too, as they have already been reported to have launched some experiments in that area.

But again, it’s just a hypothesis. Back in 2011, Dan Kaminsky, a prestigious security researcher, claimed, half-jokingly, that “Bitcoin is a particularly effective DoS against security professionals”. If my hypothesis proves to be wrong, then this column can be considered just another victim of the epidemic.

Tal Be’ery is a Senior Security Research Manager at Microsoft, formerly the VP of Research at Aorato (acquired by Microsoft), developing Microsoft Advanced Threat Analytics (ATA). Previously, Tal managed various security project teams in several companies. Tal holds a B.Sc and an M.Sc degree in Electrical Engineering and Computer Science and is a Certified Information Systems Security Professional (CISSP). He is the lead author of the TIME attack against HTTPS, has been a speaker at security industry events including RSA, Blackhat and AusCERT, and was included by Facebook in their whitehat security researchers list. (Twitter: @talbeerysec)